Static task: static1
Behavioral task: behavioral1
Sample: bd6b48bd1763f7d0d254fdb811cec2cb4680dcaec23c1c7e031321f0c9542794.exe
Resource: win7-20221111-en
Behavioral task: behavioral2
Sample: bd6b48bd1763f7d0d254fdb811cec2cb4680dcaec23c1c7e031321f0c9542794.exe
Resource: win10v2004-20220812-en
General
Target: bd6b48bd1763f7d0d254fdb811cec2cb4680dcaec23c1c7e031321f0c9542794
Size: 92KB
MD5: 9830f7d697b83ca2c487b73579d9a608
SHA1: 6370e8d8364c6507d73e006252f0599a4640e1bf
SHA256: bd6b48bd1763f7d0d254fdb811cec2cb4680dcaec23c1c7e031321f0c9542794
SHA512: 8c8f2516a268ded14302b5e0195fed273774c01f80ff9e4633305ba236e2d1c299bbf6bae821d9ea7352985264fa8f8ffaad22fcbf66fad9ce7abf158599cc1d
SSDEEP: 1536:8QX8UiWUgK1FXnBGFUjYn/BWe3TK32A5Mq9caESH/uOk05yF05yY5JesK3R:IUiHjVJs/BTu95ZDESfuat15JI3R
Files
bd6b48bd1763f7d0d254fdb811cec2cb4680dcaec23c1c7e031321f0c9542794.exe windows x86
79795195c6f1a78979369d648d3086a4
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
advapi32
OpenBackupEventLogW
LockServiceDatabase
BuildImpersonateTrusteeW
LogonUserA
GetSecurityDescriptorSacl
LookupPrivilegeValueA
ReadEventLogW
RegisterServiceCtrlHandlerA
SetTokenInformation
CryptGetProvParam
CryptSetProvParam
ConvertSecurityDescriptorToAccessNamedW
GetSecurityDescriptorDacl
TrusteeAccessToObjectA
CreateProcessAsUserA
ChangeServiceConfigW
SetSecurityDescriptorGroup
BuildTrusteeWithNameW
SetSecurityDescriptorOwner
ConvertSecurityDescriptorToAccessNamedA
RevertToSelf
CryptGetDefaultProviderW
GetPrivateObjectSecurity
AdjustTokenPrivileges
SetServiceBits
RegUnLoadKeyA
CryptSetProviderExA
GetAce
SetEntriesInAccessListW
RegQueryValueW
OpenServiceA
RegSaveKeyA
EqualSid
RegOpenKeyA
CryptVerifySignatureA
CryptEncrypt
LookupAccountNameA
LookupPrivilegeDisplayNameA
BackupEventLogA
SetSecurityDescriptorSacl
OpenThreadToken
OpenEventLogA
RegSetKeySecurity
SetNamedSecurityInfoA
RegConnectRegistryA
GetSecurityDescriptorOwner
RegFlushKey
RegRestoreKeyW
GetUserNameW
ImpersonateNamedPipeClient
AddAccessDeniedAce
QueryServiceLockStatusA
SetAclInformation
IsValidAcl
LookupSecurityDescriptorPartsA
RegUnLoadKeyW
GetLengthSid
QueryServiceConfigW
RegSetValueW
MakeAbsoluteSD
ObjectPrivilegeAuditAlarmA
DeleteService
RegisterEventSourceA
RegLoadKeyA
RegEnumValueA
RegCloseKey
GetKernelObjectSecurity
CryptCreateHash
GetCurrentHwProfileW
GetTrusteeTypeA
GetNumberOfEventLogRecords
ImpersonateLoggedOnUser
ObjectDeleteAuditAlarmW
SetKernelObjectSecurity
OpenProcessToken
BuildTrusteeWithNameA
AdjustTokenGroups
SetNamedSecurityInfoExA
CryptGetUserKey
IsTextUnicode
GetMultipleTrusteeA
CryptDestroyHash
BuildExplicitAccessWithNameA
RegDeleteValueW
ClearEventLogA
GetCurrentHwProfileA
QueryServiceStatus
GetSidIdentifierAuthority
RegSaveKeyW
GetMultipleTrusteeOperationW
RegQueryValueExW
GetSidLengthRequired
LookupAccountNameW
RegDeleteKeyW
GetSidSubAuthorityCount
IsValidSecurityDescriptor
SetFileSecurityW
FreeSid
AllocateAndInitializeSid
AllocateLocallyUniqueId
ControlService
AreAnyAccessesGranted
RegRestoreKeyA
AddAccessAllowedAce
CloseEventLog
StartServiceCtrlDispatcherA
CryptSetProviderW
ObjectDeleteAuditAlarmA
AddAce
ObjectCloseAuditAlarmW
SetThreadToken
InitiateSystemShutdownW
GetSecurityInfoExW
RegQueryMultipleValuesA
RegQueryValueExA
CreateProcessAsUserW
GetExplicitEntriesFromAclW
IsValidSid
BackupEventLogW
RegNotifyChangeKeyValue
StartServiceA
user32
DdeCreateStringHandleW
SetSystemCursor
UpdateWindow
GetWindowLongA
RegisterWindowMessageA
UnpackDDElParam
SetMenuDefaultItem
LoadCursorFromFileA
TrackPopupMenuEx
SetActiveWindow
MoveWindow
GetDesktopWindow
VkKeyScanExA
EnumWindows
InternalGetWindowText
GetCursor
EditWndProc
CreateWindowExW
RegisterWindowMessageW
SetClipboardData
UnregisterHotKey
DeferWindowPos
ReleaseDC
DdeQueryStringW
EnumDisplaySettingsA
CheckRadioButton
PostMessageW
GetClassLongW
InsertMenuItemA
SetWindowsHookExW
DdeAbandonTransaction
GetClassLongA
LoadMenuIndirectW
DlgDirListComboBoxW
OffsetRect
RegisterClipboardFormatA
LoadIconW
ReuseDDElParam
GrayStringA
SetCaretPos
DdeAddData
GetMenuStringA
GetClassNameA
SystemParametersInfoW
DragDetect
GetMenuItemID
IsCharUpperW
TrackMouseEvent
LoadCursorFromFileW
GetScrollPos
BroadcastSystemMessage
GetDoubleClickTime
VkKeyScanW
DdeFreeDataHandle
SendNotifyMessageW
LoadBitmapW
GetKeyboardLayoutNameW
BlockInput
GetScrollRange
FindWindowA
GetMenuItemCount
EndMenu
IsZoomed
GetNextDlgTabItem
FrameRect
GetTabbedTextExtentW
CharPrevExA
GetWindowTextW
OpenWindowStationA
GetUpdateRect
SetMenuContextHelpId
DdeQueryStringA
GetCaretPos
LoadMenuIndirectA
LookupIconIdFromDirectoryEx
BringWindowToTop
SetClassLongA
SendDlgItemMessageA
IsRectEmpty
DestroyCaret
GetMenuInfo
MsgWaitForMultipleObjectsEx
CharUpperW
EndPaint
CreateIconFromResourceEx
SetScrollRange
GetGuiResources
MessageBoxA
GetWindowLongW
AdjustWindowRectEx
MessageBoxIndirectA
WinHelpW
DdeInitializeA
SetClassWord
GetUserObjectSecurity
DefMDIChildProcA
IsChild
FindWindowExA
BroadcastSystemMessageW
ArrangeIconicWindows
DefDlgProcW
RegisterClassA
ScreenToClient
DdeNameService
DdeCreateDataHandle
MapVirtualKeyA
EnumThreadWindows
MenuItemFromPoint
MonitorFromRect
IsCharLowerW
CharUpperA
SetScrollInfo
GetMessageA
GetClipboardSequenceNumber
DdeCmpStringHandles
GetNextDlgGroupItem
SetForegroundWindow
GetSystemMenu
ole32
OleDestroyMenuDescriptor
CoGetCallContext
CoTaskMemFree
CoFreeUnusedLibraries
OleSetClipboard
CoUninitialize
OleCreateEx
WriteStringStream
CoQueryProxyBlanket
CoRegisterChannelHook
CoGetInstanceFromIStorage
CoImpersonateClient
ProgIDFromCLSID
CoGetMarshalSizeMax
GetRunningObjectTable
ReadClassStm
OleGetAutoConvert
ReleaseStgMedium
RegisterDragDrop
OleDraw
OleCreateStaticFromData
OleLoad
CreateGenericComposite
CoCreateInstanceEx
CoSwitchCallContext
CreateILockBytesOnHGlobal
OleSetMenuDescriptor
OleCreateFromFile
OleCreateDefaultHandler
CoGetObject
CoGetInterfaceAndReleaseStream
OleSaveToStream
OleSetAutoConvert
CoUnmarshalHresult
OleRun
CoGetClassObject
CoMarshalHresult
OleQueryLinkFromData
OpenOrCreateStream
OleRegEnumFormatEtc
StgOpenStorageEx
WriteOleStg
OleCreateLinkFromDataEx
CoQueryReleaseObject
StringFromIID
OleIsCurrentClipboard
OleFlushClipboard
CreateOleAdviseHolder
CoFileTimeToDosDateTime
CoCreateFreeThreadedMarshaler
CreateBindCtx
CoRegisterSurrogate
GetHGlobalFromILockBytes
MonikerRelativePathTo
OleCreateFromFileEx
OleLoadFromStream
CoGetCallerTID
ReadClassStg
StgIsStorageFile
OleGetClipboard
OleConvertOLESTREAMToIStorage
CreatePointerMoniker
CreateItemMoniker
CoReleaseServerProcess
WriteFmtUserTypeStg
OleRegEnumVerbs
OleRegGetMiscStatus
CoLockObjectExternal
CoGetCurrentLogicalThreadId
CoIsOle1Class
PropVariantCopy
OleCreateLink
OleGetIconOfFile
EnableHookObject
CoCreateGuid
RevokeDragDrop
CoRegisterMallocSpy
GetHGlobalFromStream
OleCreateFromData
OleDoAutoConvert
OleCreateLinkFromData
CoGetCurrentProcess
StringFromCLSID
ReadStringStream
OleConvertIStorageToOLESTREAMEx
CoRegisterClassObject
CoGetTreatAsClass
OleRegGetUserType
CoFreeAllLibraries
OleMetafilePictFromIconAndLabel
ReadFmtUserTypeStg
GetConvertStg
CreateDataCache
UtConvertDvtd32toDvtd16
UtGetDvtd16Info
CoQueryAuthenticationServices
UtGetDvtd32Info
CoDisconnectObject
OleConvertOLESTREAMToIStorageEx
OleDuplicateData
kernel32
CreatePipe
GetCurrentDirectoryA
FindCloseChangeNotification
OpenSemaphoreW
Sleep
GetCommState
CreateMailslotA
SetConsoleCP
GetQueuedCompletionStatus
SetCurrentDirectoryA
GetConsoleTitleA
GetNamedPipeInfo
SetErrorMode
EnumCalendarInfoExA
GetNamedPipeHandleStateA
GetStringTypeA
Heap32ListNext
VirtualProtectEx
GetACP
WriteConsoleOutputW
CreateMutexA
CopyFileExA
LoadResource
VirtualAlloc
OpenWaitableTimerA
SetVolumeLabelW
OpenMutexW
FindResourceW
SetThreadAffinityMask
VirtualFree
GetStartupInfoA
GetCurrentProcessId
MoveFileExA
SetConsoleCursorInfo
ReadProcessMemory
TerminateProcess
GetDateFormatW
FreeLibraryAndExitThread
SetThreadLocale
ReleaseSemaphore
VirtualProtect
GetSystemDirectoryA
GetHandleInformation
DisconnectNamedPipe
BuildCommDCBAndTimeoutsW
SetThreadContext
SetSystemTime
GetBinaryType
AddAtomA
GetTickCount
ReleaseMutex
GetTapeParameters
GetProfileSectionW
CreateIoCompletionPort
EndUpdateResourceW
GetThreadPriority
GlobalWire
GetThreadTimes
GenerateConsoleCtrlEvent
FatalAppExitA
EndUpdateResourceA
GetProfileIntA
SetEndOfFile
FileTimeToSystemTime
GetLocalTime
EnumDateFormatsA
ExpandEnvironmentStringsW
GetCalendarInfoA
IsBadHugeWritePtr
GetFullPathNameA
HeapWalk
FillConsoleOutputCharacterW
GetPrivateProfileIntA
BeginUpdateResourceW
GetCommandLineA
FillConsoleOutputAttribute
SetTapePosition
GetNumberFormatA
FindNextFileW
GetProfileStringW
SetLocaleInfoW
GlobalFlags
SetLocalTime
GetAtomNameA
GetBinaryTypeA
LocalCompact
GlobalCompact
VirtualQuery
GlobalFindAtomA
GetFileSize
SleepEx
GlobalMemoryStatus
GetPriorityClass
GetShortPathNameA
GetVolumeInformationW
GetVersionExA
DefineDosDeviceW
GetConsoleTitleW
GetDevicePowerState
LockFileEx
GetFileAttributesExA
SetTimeZoneInformation
WaitForSingleObject
BuildCommDCBW
IsBadStringPtrA
ReadConsoleOutputAttribute
GetConsoleOutputCP
GetDriveTypeW
ConvertDefaultLocale
WideCharToMultiByte
GetTempFileNameW
ClearCommError
GetCommandLineW
CreateTapePartition
SearchPathA
SuspendThread
FileTimeToDosDateTime
EnumResourceLanguagesA
RemoveDirectoryA
LocalUnlock
GetCurrencyFormatW
SwitchToFiber
EnumResourceLanguagesW
IsDBCSLeadByte
WriteConsoleOutputCharacterA
shlwapi
PathCommonPrefixA
StrToIntA
SHEnumValueA
UrlCompareA
PathIsSystemFolderA
StrChrA
StrCatBuffW
PathCreateFromUrlA
UrlCreateFromPathW
PathRenameExtensionW
SHStrDupA
UrlUnescapeW
ChrCmpIA
StrRChrIW
PathIsDirectoryA
SHRegCreateUSKeyA
PathMakePrettyW
SHRegWriteUSValueA
PathMakeSystemFolderA
StrSpnW
UrlCanonicalizeW
PathIsNetworkPathA
SHRegDeleteEmptyUSKeyW
wvnsprintfW
PathGetDriveNumberW
PathGetArgsA
StrToIntExA
UrlGetPartW
ColorAdjustLuma
StrFromTimeIntervalW
PathIsRootA
PathSetDlgItemPathA
StrTrimW
PathRemoveExtensionW
SHRegWriteUSValueW
PathSearchAndQualifyW
AssocQueryStringA
PathIsDirectoryW
PathIsUNCW
SHCopyKeyW
PathIsFileSpecA
SHRegGetUSValueA
PathUndecorateA
SHRegOpenUSKeyA
SHSetValueW
StrCpyNW
SHRegGetBoolUSValueW
PathAddExtensionA
PathCompactPathExW
SHCreateShellPalette
StrStrW
StrNCatA
UrlIsW
PathIsPrefixA
StrPBrkA
SHGetValueW
SHRegQueryUSValueW
StrDupA
PathIsRelativeA
AssocQueryKeyW
StrRetToBufA
StrRStrIW
PathAppendA
PathCreateFromUrlW
IntlStrEqWorkerW
PathUnquoteSpacesW
PathGetArgsW
StrStrIA
StrCSpnIW
SHEnumKeyExW
AssocQueryStringW
PathFindOnPathA
StrFormatKBSizeA
PathFindOnPathW
PathUnmakeSystemFolderA
StrRetToStrW
PathFileExistsW
SHQueryInfoKeyA
SHQueryValueExW
SHOpenRegStream2W
SHGetInverseCMAP
SHIsLowMemoryMachine
SHSetValueA
StrSpnA
ColorHLSToRGB
StrTrimA
AssocQueryStringByKeyA
SHEnumKeyExA
StrRChrW
SHRegOpenUSKeyW
PathFindNextComponentW
StrCatBuffA
UrlCombineW
PathGetCharTypeA
SHRegEnumUSValueA
PathIsURLA
StrRChrIA
StrCSpnW
StrRStrIA
PathStripPathA
SHGetThreadRef
UrlGetLocationA
StrChrIW
PathIsContentTypeA
PathAddExtensionW
SHRegCreateUSKeyW
wnsprintfA
StrPBrkW
PathFindNextComponentA
GetMenuPosFromID
StrIsIntlEqualA
PathRemoveExtensionA
SHRegGetUSValueW
SHDeleteValueA
PathIsDirectoryEmptyW
UrlEscapeW
SHRegSetUSValueW
StrCSpnIA
SHRegQueryInfoUSKeyA
PathIsSameRootA
PathIsNetworkPathW
Sections
.text Size: 74KB - Virtual size: 74KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 16KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE